While you wait

If you want to use Vagrant during this session
please start right away with downloading the
LEAP/jessie vagrantbox:

:thumbsup:

vagrant box add LEAP/jessie

LEAP Encryption Access Project

Pixelated Project

Platform Workshop

Denis (Pixelated), Kwadronaut (LEAP), Varac (Pixelated, LEAP), Zara (Pixelated)

What to expect

  • Have a LEAP provider installed, for real or for testing
  • Focus on encrypted email (no VPN)
  • Install Pixelated Webmail on top (optional)

Prerequisites

  • Have a working (!) Vagrant setup
  • Or a remote sever/VM installed with fresh Debian stable OS
  • A public/private ssh keypair to login your host

LEAP Encryption Access Project

  • “Provider in a box”
  • VPN
  • Encrypted email
  • Strict client encryption

Bitmask Client

  • Formerly Python/Twisted
  • Currently rewritten with Python/Javascript
  • Only for Ubuntu/Debian Linux (VPN+Email) or Android (VPN)
  • Windows and MacOS coming soon (with your help even faster!)

Pixelated

  • Encrypted Webmail on top of LEAP
  • No installation hassle
  • Private key will be unlocked on server

Where to deploy to

Vagrant Remote Server
Locally on your laptop, for testing Out there, for testing or real
Requires Vagrant >= 1.5 and Virtualbox or other hypervisor Physical or paravirtualized Server (KVM, Xen, OpenStack, Amazon, but not VirtualBox or OpenVZ)

Tutorials

These slides: https://leap.se/slides/33c3/

Vagrant

Single node email provider

Install pre­requisites

  • Install leap-cli on your workstation/laptop, NOT on the server !

Debian & Ubuntu

$ sudo apt install git ruby ruby-dev rsync \
    openssh-client openssl rake make bzip2

Mac OS

$ brew install ruby-install
$ ruby-install ruby

Install the LEAP command-line utility

$ sudo gem install leap_cli

$ leap --version
leap 1.9, ruby 2.3.3
...

Prepare provider config

Use example.org for testing, or pick your own domain.

$ mkdir -p ~/leap/example.org
$ cd ~/leap/example.org

Checkout stable version of platform

Leap Platform Build Status: Build Status
If the last build failed, we need to checkout the last stable version of the leap_platform:

git clone https://0xacab.org/leap/platform.git \
  ../leap_platform
git checkout -b 0.9.0 0.9.0

Create provider config

$ leap new .

The primary domain of the provider: |example.org|
The name of the provider: |Example|
File path of the leap_platform directory: |/home/varac/leap_platform|
Default email address contacts: |root@example.org|
The platform directory "/home/varac/leap/leap_platform" does not exist.
Do you want me to create it by cloning from the
git repository https://leap.se/git/leap_platform.git? y
...

Add your ssh key

$ leap add-user varac --self

SSL certificates

Create SSL certificate authority, to self-sign host certificates:

$ leap cert ca
$ leap cert csr

Add Pixelated webmail

mkdir -p files/puppet/modules/custom/manifests
git clone https://github.com/pixelated/puppet-pixelated.git \
  files/puppet/modules/pixelated
echo 'class custom { include ::pixelated }' > files/puppet/modules/custom/manifests/init.pp

Option A: Add your local vagrant node

$ leap node add --local wildebeest services:webapp,couchdb,soledad,mx
$ leap local start wildebeest
$ leap local status

Option B: Add an existing remote server

$ leap node add wildebeest ip_address:0.1.2.3 \
  services:webapp,couchdb,soledad,mx

Option C: Create a new server in the cloud

$ leap vm add wildebeest services:webapp,couchdb,soledad,mx
$ leap vm status

Time to deploy !

$ leap list

$ leap node init wildebeest
$ leap deploy wildebeest

Setup DNS

We are using a fake domain here, so we need to override our DNS resolution.

  • Open another terminal and: 
    cd ~/leap/example.org
leap compile hosts

You need to edit your hosts file with admin privileges and add the output of above command to it.

  • Linux: sudo editor /etc/hosts
  • MacOS: sudo nano /etc/hosts

see Quick start tutorial/Setup DNS for details.

Questions so far ?

Test if things work correctly

$ leap test

Use Pixelated

Try more

Thanks!